Last night I was reading on the Warrior Forum about a guy that had several of his WordPress sites hacked. I panicked a little when I read that and on impulse I ordered yet another eBook which I probably didn’t need to. Just about all the information in it could have been easily found online so I feel like it was a waste of $22.00.
Another thing is that there are so many steps to secure each site that it makes it too time-consuming when it comes to updating to the latest WordPress version, since you have to repeat all of the same steps again.
So today I decided to check out some tutorials online that had the same information…only free. I did these today and installed on this blog as well as my other WordPress blogs.
WordPress plug-ins to help secure and protect your blog:
- WP-Spam Free Plug In – Protects your blog from comment spam without bothering your readers with CAPTCHA. Also has an easy contact form that you can set up and protect your email from unnecessary spam.
- WP Security Scan – Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
- Login Lockdown – Records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
- Admin SSL – Secures the login page, admin area, posts, pages – whatever you want – using Private or Shared SSL.
Other Security Tips:
- Prevent your directories from being indexed in the search engines. Add this line to your robots.txt file:

      Disallow: /wp-*

- Hide your plugins folder. Check to see if it is hidden, e.g. http://mysite.com/wp-content/plugins. If you can see a list of all your plug-ins, they are not hidden! Open your .htaccess file and edit it with Notepad. Add this to the file somewhere after the "# BEGIN WordPress" line:

      # Prevents directory listing
      IndexIgnore *

- Hide your wp-config.php file. Since this file holds your database information, you will want to hide it from public view. Open up your .htaccess file again and add this:

      <Files wp-config.php>
      order allow,deny
      deny from all
      </Files>
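
The two .htaccess tips above, written so they also work on Apache 2.4, where `order`/`deny` are only available through the compatibility module. This is an added example, not part of the original post; it assumes the host's AllowOverride setting permits `Options` and access-control directives in .htaccess.

```apache
# Added example for the site's root .htaccess.
# Keep it outside the "# BEGIN WordPress" ... "# END WordPress" markers:
# WordPress regenerates whatever sits between them.

# Refuse to generate directory listings at all (the request gets 403).
# "IndexIgnore *" only hides the entries; an empty listing page is still served.
Options -Indexes

# Block direct HTTP requests for wp-config.php.
<Files "wp-config.php">
    # Apache 2.4 and later
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

If the host does not allow `Options` in .htaccess, that line produces a 500 error and `IndexIgnore *` is the fallback. After saving, reload the plugins URL and request /wp-config.php directly; both should return 403 Forbidden.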
I found this great post with 18 security plugins and tips, but some of them don’t work because of my server and one just doesn’t work right (Stealth Login locked me out of my site and I had to delete the folder in the plugins folder, then had to delete my .htaccess file in order to reach my login page again).

This is a very helpful post, thanks. I am off right now to secure my WP blogs.
Thank you for posting all this great info, much appreciated!!